Log Forwarding – FortiAnalyzer – FortiOS 6.2.3

Managing log forwarding

Log forwarding mode server entries can be edited and deleted using both the GUI and the CLI. Aggregation mode server entries can only be managed using the CLI. Entries cannot be enabled or disabled using the CLI.

To enable or disable a log forwarding server entry:

  1. Go to System Settings > Log Forwarding.
  2. Double-click on a server entry, right-click on a server entry and select Edit, or select a server entry then click Edit in the toolbar. The Edit Log Forwarding pane opens.
  3. Set the Status to Off to disable the log forwarding server entry, or set it to On to enable the server entry.

Only the name of the server entry can be edited when it is disabled.

  4. Click OK to apply your changes.

To edit a log forwarding server entry using the GUI:

  1. Go to System Settings > Log Forwarding.
  2. Double-click on a server entry, right-click on a server entry and select Edit, or select a server entry then click Edit in the toolbar. The Edit Log Forwarding pane opens.
  3. Edit the settings as required, then click OK to apply your changes.

To edit a log forwarding server entry using the CLI:

  1. Open the log forwarding command shell:

config system log-forward

  2. Enter an existing entry using its log forwarding ID:

edit <log forwarding ID>

  3. Edit the settings as required. See the FortiAnalyzer CLI Reference for information.
  4. Enter the following command to apply your changes:

end

To delete a log forwarding server entry or entries using the GUI:

  1. Go to System Settings > Log Forwarding.
  2. Select the entry or entries you need to delete.
  3. Click Delete in the toolbar, or right-click and select Delete.
  4. Click OK in the confirmation dialog box to delete the selected entry or entries.

To delete a log forwarding server entry using the CLI:

  1. Open the log forwarding command shell:

config system log-forward

  2. Delete an entry using its log forwarding ID:

delete <log forwarding ID>

The log forwarding server entry is immediately deleted. There is no confirmation.

To delete all log forwarding entries using the CLI:

  1. Enter the following CLI commands:

config system log-forward
purge

  2. Enter y to delete all the entries.

This operation will clear all table!

Do you want to continue? (y/n)y
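Because a CLI delete takes effect immediately and purge clears the whole table, it is worth comparing the table before and after a change. The following is an added example, not part of the original guide or Fortinet's own code: a Python check that parses saved output in the style of show system log-forward and reports removed, added, or changed entries. The sample output, entry names, and setting values are constructed, and capturing the table with show system log-forward is an assumption.

```python
import re

# Constructed sample of a saved table listing (names and values are illustrative).
BASELINE = """\
config system log-forward
    edit 1
        set mode forwarding
        set server-name "siem-primary"
        config device-filter
            edit 1
                set device "All_FortiGates"
            next
        end
    next
    edit 2
        set mode forwarding
        set server-name "siem-dr"
    next
end
"""
AFTER_PURGE = "config system log-forward\nend\n"  # constructed: empty table

def parse_log_forward(text):
    """Parse the listing into {entry_id: {setting: value}} (top-level settings only)."""
    entries, current, in_table, depth = {}, None, False, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if not in_table:
            in_table = line == "config system log-forward"
        elif depth:  # inside a nested table of an entry: track nesting, skip content
            depth += line.startswith("config ") - (line == "end")
        elif current is not None and line.startswith("config "):
            depth = 1
        elif line == "end":
            in_table = False
        elif line == "next":
            current = None
        elif m := re.fullmatch(r"edit\s+(\d+)", line):
            current = entries.setdefault(int(m.group(1)), {})
        elif current is not None and (m := re.fullmatch(r"set\s+(\S+)\s+(.*)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return entries

def forwarding_drift(before, after):
    """Report entry IDs removed, added or changed between two parsed tables."""
    both = set(before) & set(after)
    return {"removed": sorted(set(before) - set(after)),
            "added": sorted(set(after) - set(before)),
            "changed": sorted(i for i in both if before[i] != after[i]),
            "purged": bool(before) and not after}
```

Run it against a listing saved before the change and one saved after; a non-empty removed list or purged set to True means logs are no longer being forwarded to those servers.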


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
